The GNU Privacy Guard's quick-and-dirty encryption capabilities have made it an international success with many popular e-mail clients. In this article, Aron Hsiao teaches you how to use this tool for encrypting e-mail.

This article is excerpted from Sams Teach Yourself Security Basics in 24 Hours.

In this chapter, you'll learn to use the Free Software Foundation's
implementation of the Pretty Good Privacy (PGP) method for general-purpose data
security. The name of this implementation is the GNU Privacy Guard (GPG).

Though PGP and, more specifically, GPG can be used for encrypting many kinds
of data, PGP really became an international success because of its ability to
do quick-and-dirty encryption with many popular e-mail clients. The encryption
of e-mail remains PGP's most common function.

A Quick PGP Overview

Like many of the other encryption methods we've covered so far, PGP
works with a two-key encryption system. Every person using PGP creates a key
pair for himself or herself. One key in the pair is a public key; the other key
is a private key. The public key is circulated as widely as possible and may
even be listed in any one of several public key databases, where other Internet
users around the world can find it. The private key is a closely guarded
personal secret and is never transmitted or copied anywhere or to anyone.

These two keys work together to encrypt and decrypt data. Data encrypted with
the public key can be decrypted only with the private key, and, conversely, data
encrypted with the private key can be decrypted only with the public key. This
allows two kinds of verification to take place.

First, any member of the public who wishes to send a message to a specific
person can encrypt the message or data in question with that person's public
key before sending it. Since only the person's private key can decrypt it, the
sender is assured that no one but the intended recipient, who holds the private
key, will see the message or data in unencrypted form.

In the other direction, a sender can validate (sign) a message or data using
his or her private key and send it to the public at large (or to his or her
friends). When the recipients are able to decode the signature using the
supposed sender's public key, they can be assured that the message or data did
indeed come from the sender it claims to be from.

Though there are many more twists, turns, and features than this, that is the
basic idea behind public key cryptography, and PGP represents a simple,
brute-force implementation of the concept.